| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Feb 2014 14:03:36 -0800 From: ebiederm@...ssion.com (Eric W. Biederman) To: "J. Bruce Fields" <bfields@...ldses.org> Cc: Miklos Szeredi <miklos@...redi.hu>, Al Viro <viro@...iv.linux.org.uk>, "Serge E. Hallyn" <serge@...lyn.com>, Linux-Fsdevel <linux-fsdevel@...r.kernel.org>, Kernel Mailing List <linux-kernel@...r.kernel.org>, Andy Lutomirski <luto@...capital.net>, Rob Landley <rob@...dley.net>, Linus Torvalds <torvalds@...ux-foundation.org>, Christoph Hellwig <hch@...radead.org>, Karel Zak <kzak@...hat.com> Subject: Re: [PATCH 08/11] vfs: Merge check_submounts_and_drop and d_invalidate "J. Bruce Fields" <bfields@...ldses.org> writes: > On Mon, Feb 24, 2014 at 04:01:29PM -0800, Eric W. Biederman wrote: >> Miklos Szeredi <miklos@...redi.hu> writes: >> >> > >> > You can optimize this by including the negative check within the above d_locked >> > region and calling __d_drop() instead. >> >> For this patch just moving the code and not changing it is the corret >> thing to do because it helps with review and understanding the code. >> >> There are two ways I could see going with optimizing the preamble. >> Simply dropping the d_lock from around the d_unhashed test as a pointer >> dereference should be atomic, and the test is racy against >> d_materialise_unique. > > Could you explain? What's the race, and what are the consequences? >> (We don't always hold the parent directories inode mutex when d_invalidate is called). d_unhashed is not a permanent condition because of d_materialise_unique, and d_splice_alias. d_invalidate can be called on an unhashed dentry in one of two ways (either d_revalidate dropped the dentry or another routine that drops the dentry beat the current invocation of d_invalidate to the job). There are 3 places d_revalidate is called. Once on the rcu path with with the appropriate flag set. Once without out the parent i_mutex held, just off of the rcu path, on that path d_invalidate is when d_revalidate fails. Once during lookup with the parent directory i_mutex held. Because the parent direcories i_mutex is not always held accross d_revalidate and the following d_invalidate it happens that d_invalidate is not always an atomic operation. At worst the race results in a dentry that is dropped when it could be hashed, that we will resurrect next time someone attempts to look it up and d_materialise_unique/d_splice_alias is called. None of that really matters for optimizing d_invalidate, but it is part of the background in which d_invalidate lives. All that is significant in d_invalidate is knowing that d_materialise_unique, and possibly d_splice_alias may run concurrently with d_invalidate. It is unlikely and essentially harmless. After my patchset (because I removed all of the d_drop's from .d_revalidate) the only race that should remain is between two parallel calls of d_invalidate. Which probably means we can remove the test for d_unhashed altogether. Right now I just want to make this first big step and make certain the code is solid. After that optimization is easy. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists